Resubmissions

02-04-2023 18:00    230402-wllckshf97    3
02-04-2023 17:44    230402-wbfpcaah8y    8
02-04-2023 17:26    230402-vz3ckshe66    4
02-04-2023 10:34    230402-mmkb8sfh52    1
02-04-2023 10:34    230402-ml33ysfh48    1
02-04-2023 10:26    230402-mgrjcsfh32    1
02-04-2023 10:05    230402-l4st9sfg56    7

General

  • Target

    Borux.png

  • Size

    21KB

  • Sample

    230402-l4st9sfg56

  • MD5

    161c2cf23c01ee0d37689fc51458ec7f

  • SHA1

    b864444ecdcd427209155971ee0a91913d2cd304

  • SHA256

    435469a7278571ddb7b2cf629323c105839862df407d90135e8e311bf3fe6b04

  • SHA512

    7fcd9a981886307a44db5c6661e613a7bdf2c0cb5113de4654e4bb85870de10bef7a8032a2e33bf4c2443ae31c1c26315080905c0d407f2ac1dcb7aa3ee59df0

  • SSDEEP

    384:0jBy2lR1p4nhwiddxLPwwnuLUd0eEx0/LnbnMBBVQu8+y+B:kNrpwiiv59nl0eEx0/vnMxq+y+B

Malware Config

Targets

    • Target

      Borux.png

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Change Default File Association (T1042): 1
    Registry Run Keys / Startup Folder (T1060): 2

  • Defense Evasion

    Modify Registry (T1112): 3

  • Discovery

    Query Registry (T1012): 6
    System Information Discovery (T1082): 6
    Peripheral Device Discovery (T1120): 1

Tasks